diff --git a/.hgignore b/.hgignore index 0ad40cbf44..016cac6d93 100644 --- a/.hgignore +++ b/.hgignore @@ -3,4 +3,5 @@ ops/secrets/ syntax: glob *.sw? *.pyc +*.orig *~ diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index 359574786a..2a703f4355 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix @@ -1,10 +1,9 @@ { depot, lib, pkgs, ... }@args: let inherit (builtins) foldl' mapAttrs; - systemFor = configs: + systemFor = config: (depot.third_party.nixos { - configuration = lib.fix - (config: foldl' lib.recursiveUpdate { } (map (c: c config) configs)); + configuration = config; }).system; systems = [ "porcorosso" "ixvm-fra01" "marukuru" ]; rebuilder = system: @@ -21,5 +20,5 @@ let systemCfgs = lib.genAttrs systems (name: import (./. + "/${name}") (args // { rebuilder = rebuilder name; })); mapAttrValues = (f: set: mapAttrs (name: f) set); - systemDrvs = mapAttrValues (systemCfg: systemFor [ systemCfg ]) systemCfgs; + systemDrvs = mapAttrValues (systemCfg: systemFor systemCfg) systemCfgs; in systemDrvs diff --git a/ops/nixos/ixvm-fra01/default.nix b/ops/nixos/ixvm-fra01/default.nix index 03b09bbe44..f7e2c04ed3 100644 --- a/ops/nixos/ixvm-fra01/default.nix +++ b/ops/nixos/ixvm-fra01/default.nix @@ -1,8 +1,8 @@ { depot, lib, pkgs, rebuilder, ... }: -config: +{ config, ... }: let inherit (depot.ops) secrets; -in lib.fix (self: { +in { boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" @@ -134,4 +134,4 @@ in lib.fix (self: { boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel"; system.stateVersion = "20.03"; -}) +} diff --git a/ops/nixos/marukuru/default.nix b/ops/nixos/marukuru/default.nix index e6e783686f..b21a377b55 100644 --- a/ops/nixos/marukuru/default.nix +++ b/ops/nixos/marukuru/default.nix 
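Review bot: `foldl'` is still pulled in by `inherit (builtins) foldl' mapAttrs;` at the top of the `let` in ops/nixos/default.nix, but its only visible use was the removed `lib.fix (config: foldl' lib.recursiveUpdate ...)` expression. If nothing in the lines between the two hunks uses it, the line can become `inherit (builtins) mapAttrs;`. The `let` block continues outside this hunk (the `rebuilder` definition is not shown), so check there before dropping it.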
@@ -1,8 +1,9 @@ { depot, lib, pkgs, rebuilder, ... }: -config: +{ config, ... }: let inherit (depot.ops) secrets; -in lib.fix (self: { + myPhp = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [ all.apcu all.mailparse ]); +in { imports = [ ]; boot.kernelModules = [ "tcp_bbr" ]; boot.kernel.sysctl = { @@ -20,8 +21,6 @@ in lib.fix (self: { nix.maxJobs = lib.mkDefault 2; hardware.enableRedistributableFirmware = true; - nixpkgs.config = { allowUnfree = true; }; - nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; # Use GRUB2. @@ -68,17 +67,12 @@ in lib.fix (self: { vim mercurial gitAndTools.gitFull - php phpPackages.mailparse nodejs rxvt_unicode.terminfo rebuilder ]; - environment.etc."php.d/mailparse.ini".text = '' - extension=${pkgs.phpPackages.mailparse}/lib/php/extensions/mailparse.so - ''; environment.etc."php.d/cache.ini".text = '' zend_extension=${pkgs.php}/lib/php/extensions/opcache.so - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so opcache.validate_timestamps=0 opcache.enable_cli=1 @@ -267,14 +261,13 @@ in lib.fix (self: { services.phpfpm.phpOptions = '' zend_extension=${pkgs.php}/lib/php/extensions/opcache.so - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - extension=${pkgs.phpPackages.mailparse}/lib/php/extensions/mailparse.so opcache.validate_timestamps=0 opcache.enable_cli=1 ''; services.phpfpm.pools.phabricator = { user = "phabricator"; + phpPackage = myPhp; settings = { "listen.owner" = config.services.nginx.user; "pm" = "dynamic"; @@ -298,12 +291,12 @@ in lib.fix (self: { services.mysql = { enable = true; package = pkgs.mariadb; - extraOptions = '' - max_allowed_packet = 128M - sql_mode = STRICT_ALL_TABLES - innodb_buffer_pool_size = 1600M - local_infile = 0 - ''; + settings.mysqld = { + max_allowed_packet = "128M"; + sql_mode = "STRICT_ALL_TABLES"; + innodb_buffer_pool_size = "1600M"; + local_infile = "0"; + }; }; services.postfix = { 
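Review bot: The line `zend_extension=${pkgs.php}/lib/php/extensions/opcache.so` kept in `environment.etc."php.d/cache.ini"` still points at `pkgs.php`, while the phabricator pool now runs `myPhp`; the same line is left in `services.phpfpm.phpOptions` in the `@@ -267,14 +261,13 @@` hunk. With extensions now selected through `withExtensions`, opcache is probably already part of `enabled`, so this line either loads it a second time or names a path the new packaging may not provide, and either way it ties the interpreter to a shared object from a different derivation than the one being run. I would drop the line in both places, or take the extension from the same package set that builds `myPhp`. This hunk also removes `php` from `environment.systemPackages`; if anything on the host still invokes `php` from PATH, listing `myPhp` there would keep the CLI and FPM on one extension set.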
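Review bot: The new `settings.mysqld` block in the `@@ -298,12 +291,12 @@` hunk carries over `local_infile = "0"` and `sql_mode = "STRICT_ALL_TABLES"` with nothing to say they are deliberate. Now that these are ordinary attributes that other modules can merge with or override, a short comment would keep them from being dropped in a later cleanup, for example `# hardening: refuse LOAD DATA LOCAL INFILE` above `local_infile`. A similar one-line comment on `sql_mode` would record that strict mode is intended.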
@@ -338,4 +331,4 @@ in lib.fix (self: { boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel"; system.stateVersion = "20.03"; -}) +} diff --git a/ops/nixos/porcorosso/default.nix b/ops/nixos/porcorosso/default.nix index fcea5990a7..426d1182da 100644 --- a/ops/nixos/porcorosso/default.nix +++ b/ops/nixos/porcorosso/default.nix @@ -1,5 +1,5 @@ { depot, lib, pkgs, rebuilder, ... }: -config: +{ config, ... }: let inherit (depot.ops) secrets; nvidia-offload-profile = '' @@ -12,7 +12,7 @@ let (nvidia-offload-profile + '' exec -a "$0" "$@" ''); -in lib.fix (self: { +in { boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" @@ -221,5 +221,4 @@ in lib.fix (self: { # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "19.09"; # Did you read the comment? - -}) +}